16 matches found
CVE-2022-28309
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Security Updates for Microsoft Dynamics 365 (on-premises) (April 2023)
The Microsoft Dynamics 365 on-premises is missing security updates. It is, therefore, affected by multiple session spoofing vulnerabilities. An attacker can exploit these to perform actions with the privileges of another user. Note that Nessus has not tested for these issues but has instead relie...
CVE-2023-28309
Microsoft Dynamics 365 on-premises Cross-site Scripting Vulnerability...
CVE-2023-28309
Microsoft Dynamics 365 on-premises Cross-site Scripting Vulnerability...
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
...
CVE-2023-28309
CVE-2023-28309 affects Microsoft Dynamics 365 (on-premises) and is a Cross-site Scripting vulnerability. ENISA/NCSC notes it enables a remote attacker to exploit XSS to execute code in the victim’s browser and potentially access sensitive data; Attack vector is network with user interaction requi...
KLA48838 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability Microsoft Dynamics 365 Customer Voice can be exploited remotely to spoof...
CVE-2022-28309
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2022-28309
Bentley View 10.16.02.022 is affected by a parsing flaw in 3DS files that can trigger an out-of-bounds read in the allocated buffer. The vulnerability, associated with ZDI-CAN-16308, requires user interaction (victim opens a malicious file/page). Exploitation could lead to arbitrary code executio...
CVE-2021-28309
Windows Kernel Information Disclosure Vulnerability...
CVE-2021-28309
Technical details for CVE-2021-28309 (Windows Kernel Information Disclosure Vulnerability) are not publicly provided in the supplied documents. No affected products, versions, root cause, impact, or remediations are disclosed here. Monitor sources for updates.
KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface. Below is a...
KB5001389: Windows Server 2008 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089 - Windows Kernel Information Disclosure Vulnerability CVE-2021-27093, CVE-2021-28309 - Windows Media...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Microsoft Internet Messaging API Remote Code...
CVE-2020-28309
...
CVE-2020-28309
This CVE entry is rejected/not used; it does not correspond to an active vulnerability.